Visa recently released a security alert about a new type of skimming attack on their payment cards. Customers using Visa for online shopping found their account number, expiration date, CVV, and name and address were now in the hands of bad actors. Visa’s Payment Fraud Disruption detected the JavaScript skimmer, called Pipka, has affected at least 16 e-commerce merchants to date. Considering the holiday shopping season is right around the corner, card holders need to be aware of the current risk using their Visa cards for online shopping.
Visa finds Pipka is a new type of malicious skimming that until recently had never been seen before. Pipka has similarities to previous JavaScript skimming, but now has a new feature that separates it from the rest. Unique to Pipka, the creators focused on avoiding detection, something previous card skimming attacks were unable to do. Its focus on anti-forensics allows Pipka to automatically remove itself from the HTML code after skimming takes place. This feature allows attackers to be anonymous, a significant new development in JavaScript skimming. When an attacker knows they can’t be identified, Pipka’s added layer of anonymity can provide incentive for further attacks.
Keeping an ongoing review of payment card charges, in this case with Visa, is an important part of minimizing damage from an attack. Whether it’s Pipka or previous versions like Inter, paying attention to detail pays off. Online shoppers, especially during peak purchase seasons, should regularly monitor payment card activity for any unusual charges…don’t wait until the monthly statement is released. It’s easy enough to check charges far more often these days and it’s good advice to do so when pulling that card out of your wallet often.
In addition, make sure you are using secure sites when entering any payment card or other sensitive information in online ecommerce sites. Look for the "https://" in the URL as well as the lock icon and heed any warnings about expired certificates or unsafe sites.
The moment something unexpected is detected, no matter how small the dollar amount, report it immediately to the card issuer. This enables the card provider to prevent further charges to the card until it’s investigated. This quick action prevents further bogus charges to the card and greatly reduces customer and card issuer liability for the damage. Keeping tabs on payment cards is an ongoing process to be taken seriously, especially at peak holiday shopping times when hackers do their best to take your money and run, hoping you just won’t notice.